Portal Server and Access Manager can be located on different nodes. This type of deployment provides the following advantages:
Identity services can be deployed separately from portal services. Portal Server can be one of many applications using identity services.
Authentication and policy services can be separate from provider applications including Portal Server related applications.
Access Manager can be used by other web containers to assist with development of portal customizations.
When Portal Server and Access Manager are on different nodes, the Access Manager SDK must reside on the same node as Portal Server. The web application and supporting authentication daemons can reside on a separate node from the Portal Server instance.
The Access Manager SDK consists of the following components:
Identity Management SDK — provides the framework to create and manage users, roles, groups, containers, organizations, organizational units, and suborganizations.
Authentication API and SPI — provides remote access to the full capabilities of the Authentication Service.
Utility API — manages system resources.
Logging API and SPI — records, among other things, access approvals, access denials and user activity.
Client Detection API — detects the type of client browser that is attempting to access its resources and responds with the appropriately formatted pages.
SSO API — provides interfaces for validating and managing session tokens, and for maintaining the user’s authentication credentials.
Policy API — evaluates and manages Access Manager policies and provides additional functionality for the Policy Service.
SAML API — exchanges acts of authentication, authorization decisions and attribute information.
Federation Management API — adds functionality based on the Liberty Alliance Project specifications.